Data Protection Academy » Data Protection News » Anonymisation of Internet data often not secure

anonymisation

Anonymisation of Internet data often not secure

In an interview with the German Press Agency, Ulrich Kelber (Federal Data Protection Commissioner) calls for more reliability and clarity with regard to anonymised Internet data. Often it is only pseudonymised data. This is not real protection. We explain the difference.

Background information on anonymization

The consent of processing personal data such as name or address is not required for anonymised data according to the European General Data Protection Regulation. According to recital 26 of the GDPR, anonymised data is personal data (e.g. date of birth, name, address) that can no longer be assigned to a specific person as a result of changes made. In short: anonymised data no longer allows the identification of a person.

What is the problem

In an interview with the Deutsche Presse Agentur, the Federal Data Protection Commissioner referred to a specific case: it was often unclear whether the use of data to be consented to was actually anonymised. For example, if users were asked when making online purchases whether they agreed to anonymised use of data for market research purposes. At the same time, Kelber admitted that there is currently still a lack of legal guidelines. Companies or data subjects would often not be able to assess the situation properly. Often, supposedly anonymized data are merely pseudonymised.

External Data Protection Officer

You are welcome to contact us as external data protection officer (DPO) order. We also offer individual consulting services as well as audits and will be happy to provide you with a non-binding offer. You can find more information about our external data protection officers on our website.

Anonymisation / Pseudonymisation: what is the difference?

Anonymised data is information that cannot be related to an identified or identifiable natural person (Recital 26, GDPR). Anonymisation therefore means that a person is no longer identifiable. We have elaborated on the following further questions in our data protection wiki: When is data really anonymous? How can I anonymise data? Learn more about anonymised data in the wiki.

pseudonymisation is the processing of personal data in the sense that personal data can no longer be attributed to a specific person without the need for additional information. Learn more about pseudonymised data in the wiki.

The most important difference between anonymisation and pseudonymisation is that pseudonymised data can be assigned to a natural person, provided that further information is available. This is not possible with anonymised data. Anonymised data is therefore much more secure in terms of data protection.

Ulrich Kelber to the Deutsche Presse Agentur:

"If data were really anonymized, it would not even require consent for anonymous use, because then it would no longer be personal data."

Source: Data protection officer Ulrich Kelber to dpa (trade journal)

Do you have specific questions about data protection or would you like professional advice? Our data protection experts are there for you throughout Germany! Come to us!

Prof. Dr. Andre Döring

This might interest you too:

Whatsapp Privacy

WhatsApp and privacy

The messenger service WhatsApp is part of the Facebook group to which Instagram also belongs. At the beginning of 2021, Whatsapp announced an adjustment of its privacy policy. What can users do?

Data protection and data security while working from home

What do employers and employees need to be aware of? Concrete tips on data protection and advice on data security.

Use of social networks by public authorities

Social networks are often not DSGVO compliant. Data protection and social media use in public authorities: Important instrument or contradiction in terms?